Seattle men charged with computer hacking, stealing personal info from King County businesses

Three Seattle men were charged by federal prosecutors for hacking into computer systems to steal personal and business information used in a variety of thefts and frauds in the King County area.

The three are charged in a 10-count indictment alleging a conspiracy to access computers to commit fraud, damaging computers, access device fraud and aggravated identity theft, according to a Sept. 21 U.S. Attorney’s Office media release. If convicted the defendants face up to 15 years in prison and a $250,000 fine.

The men were identified as Joshuah Allen Witt, 34, Brad Eugene Lowe, 36, and John Earl Griffin, 36.

“These defendants combined ‘old school’ methods such as burglary, with high-tech methods such as using unprotected wireless networks to hide their identities while draining bank accounts and committing fraud,” said U.S. Attorney Jenny A. Durkan who chairs the Justice Department’s Cybercrime and Intellectual Property Enforcement working group. “The victims in this case quickly reported the hacking to law enforcement — a key step to bringing these defendants to justice.”

According to the indictment, beginning in 2008 and continuing into 2010, the three men allegedly hacked the networks of more than a dozen businesses and burgled more than 40 businesses to steal equipment and obtain personal and business information used for fraud. The ring obtained credit card numbers and used them to purchase tens of thousands of dollars of high tech equipment and luxury goods that they used or sold.

They reportedly hijacked payroll information so that payroll funds would be distributed to accounts under their control and sent company funds to reloadable debit cards, allowing them to rapidly cash out the company accounts. The ring broke into businesses and stole computer equipment which they then used to hack into the company’s network.

The men outfitted at least one vehicle with high-tech equipment, including extensive antennas, allowing them to search for wireless networks they could use both for hacking or to hide their ‘digital fingerprints’ when they accessed a company network. The steps they took to hide their identities led to innocent third parties or company employees being suspected and interviewed by law enforcement.

The men allegedly hacked in and stole the personal information of more than 50 employees from a Renton business.

Durkan thanked the companies for quickly reporting suspicious activity on their networks.

The case was investigated by the U.S. Secret Service Electronic Crimes Task Force comprised of officers and agents from the Seattle Police Department, King County Sheriff’s Office, Kirkland Police Department, Bellevue Police Department, and Lynnwood Police Department. Significant additional assistance was provided by the Redmond, Renton, Woodinville and Bothell Police Departments.

Durkan and law enforcement officials provided tips for businesses to protect against being a victim:

• Businesses should review their wireless encryption and confirm that they are using the appropriate level of encryption (WPA2 Personal or WPA Enterprise).

• Businesses should keep a record of all laptop computers and ensure that any computers with remote access are encrypted.  Any missing laptop computers should have passwords and credentials replaced immediately.

• Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.

• Employees should never click past security certificate warning screens and should notify I.T. immediately.

• Managers should be aware of “watercooler” talk among employees that may indicate a breach has occurred. This includes numerous employees complaining of fraud on personal accounts.

• Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.

• If you notice suspicious activity, contact your local law enforcement. You can make a referral to the U.S. Secret Service Electronic Crimes Task Force.